Security News

Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs. You're a new Linux admin and you're familiar with how cron works.

Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years - in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.

To keep your Linux servers and desktops as secure as possible, you should check for legacy communication services. One thing you can do with Linux is remove the legacy communications services that can be installed by default, even though they are never used.

Intel addressed 57 security vulnerabilities during this month's Patch Tuesday, including high severity ones impacting Intel Graphics Drivers. The security bugs are detailed in the 19 security advisories published by Intel on its Product Security Center, with security and functional updates being delivered to users through the Intel Platform Update process.

Guardicore released IPCDump, a new open source tool for tracing interprocess communication on Linux. The tool covers most interprocess communication mechanisms, including pipes, fifos, signals, Unix sockets, loopback-based networking, and pseudoterminals, and is useful for debugging multi-process applications and gaining transparency into how they communicate with one another in their IT environment.

Register reader "Jim" was the recipient of today's super-urgent callout, which occurred during his final week of paid employment ahead of a well-earned retirement. Describing himself as the resident PostgreSQL evangelist, he'd been given "The talk" by his boss and, like so many in the IT world, found his department was to be dissolved and the work sent abroad. Luckily, he was near enough to retirement to opt for a life not spent toiling under The Man and used his remaining six months of employment to wind things down.

The Linux Foundation announced that it will launch an open source industry collaboration focused on enabling a converged cellular core network stack, starting with the Magma open source software platform. Magma features an access-agnostic mobile packet core, advanced network automation and management tools, and the ability to integrate with existing LTE networks with use cases across both virtual and container Network Functions including fixed wireless access, carrier Wi-Fi, private LTE and 5G, network expansion, and mobile broadband.

High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands on the systems remotely. Cybersecurity firm ESET named the malware "Kobalos" - a nod to a "Mischievous creature" of the same name from Greek mythology - for its "Tiny code size and many tricks."

ESET researchers discovered Kobalos, a malware that has been attacking supercomputers - high performance computer clusters - as well as other targets such as a large Asian ISP, a North American endpoint security vendor, and several privately held servers. "Perhaps unrelated to the events involving Kobalos, there were multiple security incidents involving HPC clusters in the past year. Some of them hit the press and details were made public in an advisory from the European Grid Infrastructure CSIRT about cases where cryptocurrency miners were deployed. The EGI CSIRT advisory shows compromised servers in Poland, Canada and China were used in these attacks. Press articles also mention Archer, a breached UK-based supercomputer where SSH credentials were stolen, but does not contain details about which malware was used, if any," ESET researchers noted.

Security researchers at cybersecurity company ESET discovered the malware and named it Kobalos, after the misbehaving creature in Greek mythology. "On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/sshfile was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file" - ESET. The researchers believe that credential theft could explain how the malware spreads to other systems on the same network or other networks in the academic sector since students and researchers from multiple universities may have SSH access to supercomputer clusters.